What the vulnerability does
01 Description
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Innovio: from n/a through <= 1.7.
Explanation of Vulnerability in Simple Terms
02 Summary
Innovio versions 1.7 and earlier contain an authorization flaw that allows high-privilege users to read or modify limited data. Exploitation requires administrative access, and availability is not affected. Site owners should update to a version newer than 1.7 when available.
What an attacker can do
03 Attacker Capabilities
An attacker with high-level privileges can read or modify limited data on the site.
Potential impact on your site
04 Site Impact
High-privilege accounts could leak or alter sensitive information; availability is not affected.
Conditions required to exploit
05 Prerequisites
Attacker must have high-level administrative access to the site.
Key dates
06 Disclosure timeline
January 22, 2026: CVE published
April 28, 2026: Record updated